Allowing HTML or < tag in customer's text input?

Hello - some of our products have an option where the customer can enter a custom message to include on the product.



This option is set as a “Text” field (the regular html input field).



Due to the nature of our business though, allowing the < and > characters is necessary. But it looks like cs-cart strips out any < that gets entered, and every other >.



I know it’s doing this to prevent malicious html input. I have tried to see where it’s doing this but did not find it.



Where is cs-cart stripping these out?



Even escaping the < and > to the html entity > and < internally will be fine, because the other views should hopefully render them as expected.

i think that removing this is not secure for you, removing this from everywhere will be quite difficult, but for some specific functionality you can try.

try to search smarty strip_tags in templates where you want to remove this cleaning.



for example:

with cleaning {$product.product|strip_tags}, without {$product.product}